Caveat- Microsoft Press web site

Uing Firefox, I went to the MSFT Press web site to see what they had for Windows 7.

One of the links was

http://www.microsoft.com/learning/en/us/Book.aspx?ID=13487&locale=en-us

When I clicked on the link, I got jibberish, i.e., Firefox did not process the HTML.

So I copied the link into IE 6 and found that in addition to the usual ActiveX controls messages, according to Kaspersky Auntie Virus, the web site was trying to install/use new DLLs.

So beware when trying to use that web site unless you are willing to have DLLs added just to peruse the web site,

 

I have no time to investigate the site.

I'll wait until the Windows 7 books are published, likely within the next 3 weeks, and go back to check for particular books.

I just wanted to warn folkes that DLLs might get installed if your AV software does not have the proper options set.

I can see the need for running Javascript or PHP, but not installing a DLL to just peruse a web page.

 

I did not make a list.

Kaspersky AV pops up a warning on each one.
to detect this, you would need to use an AV that provides such warnings.

 

I will not install an IE tab in FF. If needed, I can use Opera in IE mode. Hmmm, I should try the link in Opera, but first I'll post this.

I have IE 6 options set to ask me each time an attempt is made to use ActiveX. Most folkes likely have that warning disabled. I only use IE, when forced to by the web site, e.g., for Windows/Office updates. There are very few other web sites that I MUST deal with that require use of IE.

In order to see the messages about the downloads, your AV has to have the ability to detect such download attempts.

Do not know what AVG detects.
Check the options.

I can disable the checks in Kaspersky, buy why would I do so?

 

Opera does not have these issues.

I just tried in IE 6 again.

I still get the pop ups from Kaspersky, but Kaspersky is now automatically blocking the change to the DLsL.

The message for the first one is:

9/20/2009 00:26:02 J:\Program Files\Internet Explorer\iexplore.exe Attempt to load a new or modified module J:\Winnt\system32\PNGFILT.DLL into process.

The file is the IE PNG plugin image decoder.
Created on 29 Aug 2002, last modified on 26 June 2009.

Maybe these are updated DLLs that do not get updated by Windows update, and IE 6 wants to install an update.

In any case, as long as the AV complains, I'll not allow the DLL to be updated/installed.

I could try IE 8 on another computer with KIS 2009, instead of KAV 7.0.1.325.

 

The problem does not occur on a Vista system with IE 8 and KIS 2009 (8.0.0.506) with latest KIS updates.

The problem occurs on a Windows 2000 system with IE 6 and KAV 7.0.1.325 with latest KAV updates. An AV needs options to detect such cases, I expect that not all AVs will do so, especially the free AVs.

However, on both systems, Firefox cannot render the page.

 

My IE6 on Win2K is configured to permit everything. Here is one of the cache directories:

​

The second item is not a true dll (binary executable), rather, a text file:

​

A search for that filename brings up lots of links about ADS (Ad Delivery Service) which Microsoft seems to have used for many years.

----
rich

 

I didn't see any attempt to update that dll on my Win2K system with IE6.

----
rich

 

The issue is not what IE 6 permits.

The issue is whether the AV program is flagging an attempt to install a new/modified version of a DLL. If one uses Opera or Firefox, those DLLs would not be used.

 

I'm using IE6 and I got no alert about installing an updated DLL.

----
rich

 

The issue is lack of understanding on part of the user. As Rmus has shown, that "DLL" is a text file instead of a binary.

 

That's a function of the AV program you use and the options that you have selected in the AV.

Kaspersky includes an option called Proactive Defense.
Within KAV 7.0.1.325, Proactive Defense includes options that I can disable enable:

Application Activity Analyzer(I believe that this is the one that flags attempts to change DLLs)

Application Integrity Control

Registry Guard

I've been using Kaspersky for about 4 years. When I investigated using Kaspersky, my recollection is that not many AVs had such extensive checking, the free AVs even less so.

 

PNGFILT.DLL is NOT a text file, it is a real DLL.

 

Well, I don't use an AV but I checked and nothing has been updated:

​

Anyway, no new executable, DLL or otherwise, can install without my permission. I tested by attempting to download the updated version of this DLL:

​

----
rich

 

That's not true.

Unless prevented by the OS, or an AV program, or ..., there are ways to replace DLLs programmatically. A standard download cannot, but there are ways to do this programmatically.

 

The AV has to do more than detect downloads.

It has to determine whether the download is attempting to add a new/modified DLL.

It is also possibe that this is a Windows 2000 and IE 6 specific issue with KAV 7.0.1.325.

 

If a tree falls, will you not believe it, unless you see the tree fall?

It is KAV 7.0.1.325 that issues the warning.
I cannot install IE 7 or 8 on a Windows 2000 system, so I cannot check whether the issue is related to Win 2000.

I would expect that the PNGFILT.DLL is used by IE 6 in Win 2000 and other OS as well.

However, each AV will work differently, and may work differently in each OS.
Each AV may, or may not, flag attempts to add new/modified DLLs.

In Vista, with IE 8, there may be no need to modify the DLLs, so they are not flagged by KIS 2009. Perhaps, that is also true of IE 6 in XP.

The real points of this thread are that one should NOT disable prompts/warnings in AV programs, and that, sigh!, MSFT continues to not verify that their web pages work in Firefox.

When I first started using Kaspersky several years ago, I quickly found that it did a much more exhaustive scan than the other AV I had previously used (NAV up until, and including, 2006, McAfee versions 10 and 11). I also temporarily used NIS 2008, but never did any scans, it's a looong story.

As of now, I have enough KAV licenses to last until early 2016, should I live that long. And enogh KIS licenses to last until 2014, should I live that long.

 

Download the dll file and then use the "file" command from the gnutils port for Windows and see what comes up. You'll then know the exact filetype ...
Mrk

 

That is not what you stated earlier - you referred to "install":

AV is not the only way to block installations of new executables.

Do you really believe that Microsoft updates DLLs programatically? That would take some rather creative programing to accomplish just by visiting a web site.

Anyway, according to my screen shot above, my DLL was not modified, Win2K + IE6, so something particular to your system has caused the results you observe.

It seems to me that you should ask for verification of what you observed before assuming it applies to everyone with Win2K + IE6!

----
rich